Mountain View, CA – November 21, 2024 – Google’s AI-powered OSS-Fuzz uncovers a 20-year-old OpenSSL vulnerability, marking a pivotal step in automated cybersecurity.
Google’s AI-powered OSS-Fuzz tool has exposed a two-decade-old vulnerability in the widely used OpenSSL cryptographic library, sending shockwaves through the cybersecurity community. This flaw, identified as CVE-2024-9143, is an out-of-bounds memory write issue that could lead to application crashes or even remote code execution.
This marks a significant milestone for automated vulnerability discovery. The AI-driven approach has identified critical flaws that would have remained invisible to traditional methods.
The vulnerability, present in all OpenSSL versions before 3.3.3, was undetected for nearly 20 years. Leveraging Large Language Models (LLMs), OSS-Fuzz enhanced code coverage and pinpointed vulnerabilities across 272 projects, adding over 370,000 lines of fuzz-targeted code. This breakthrough underscores the evolving role of AI in fortifying open-source security.
Code coverage doesn’t equate to bug-free software. AI fills the gap, simulating scenarios beyond human foresight.
The discovery is part of Google’s larger commitment to secure software ecosystems, including transitioning to memory-safe languages like Rust and fortifying C++ with hardened libc++. The initiative, though resource-intensive, boasts a minimal performance impact of just 0.3%.